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Art Unit: 2132 

1 This action is in response to the communication filed on 1 1/26/2003 . 

2 DETAILED ACTION 

3 Claims 1-32 have been examined. 

4 Title 

5 The title of the invention is acceptable. 

6 Information Disclosure Statement 

7 The information disclosure statement(s) (IDS) submitted on 3/9/2004, and 8/16/2006 are 

8 in compliance with the provisions of 37 CFR 1 .97. Accordingly, the examiner is considering the 

9 information disclosure statements. 

1 0 Request for Information under 3 7 CFR 1. 1 05 

1 1 Applicant and the assignee of this application arc required under 37 CFR 1.105 to 

12 provide the following information that the examiner has determined is reasonably necessary to 

13 the examination of this application. 

14 The information is required to enter in the record the art suggested by the applicant as 



15 relevant to this examination in the IDS filed 8/16/2006. Due to the length, 1084 pages, of the 

16 submitted document "Extensible Firmware Interface Specification", the examiner is unable to 

17 provide full consideration of this document. As such, the examiner is requiring the applicant to 

1 8 provide the specific chapter and section numbers of the document, (i.e. 1 .8.4) which relate 

19 directly to subject matter which the applicants believe they have invented (i.e. secure 

20 configuration of a machine in a pre -operating system environment). This information is 

2 1 reasonably necessary in order for the examiner to be able to give proper consideration to the 
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1 submitted document. The applicants are not required to resubmit this document, or any portions 

2 thereof. 

3 In responding to those requirements that require copies of documents, where the 

4 document is a bound text or a single article over 50 pages, the requirement may be met by 

5 providing copies of those pages that provide the particular subject matter indicated in the 

6 requirement, or where such subject matter is not indicated, the subject matter found in 

7 applicant's disclosure. 



8 This requirement is an attachment of the enclosed Office action. A complete reply to the 

9 enclosed Office action must include a complete reply to this requirement. The time period for 

10 reply to this requirement coincides with the time period for reply to the enclosed Office action. 

1 1 Drawings 

12 The drawings filed on 1 1/26/2003 are acceptable for examination proceedings. 

13 Specification 

14 Applicant is reminded of the proper language and format for an abstract of the disclosure. 

15 " 

16 The abstract should be in narrative form and generally limited to a single paragraph on 

17 a separate sheet within the range of 50 to 150 words. It is important that the abstract not exceed 

18 150 words in length since the space provided for the abstract on the computer tape used by the 

19 printer is limited. The form and legal phraseology often used in patent claims, such as "means" 

20 and "said, " should be avoided. The abstract should describe the disclosure sufficiently to assist 

21 readers in deciding whether there is a need for consulting the full patent text for details. 
22 

23 The language should be clear and concise and should not repeat information given in the 

24 title. It should avoid using phrases which can be implied, such as, "The disclosure concerns, " 

25 "The disclosure defined by this invention, " "The disclosure describes, " etc. 
26 

27 The abstract of the disclosure is objected to because: 

28 The first sentence "Methods and apparatus. . .are disclosed" only contains information 

29 already available within the title of the invention, and therefore should be removed. 
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1 Correction is required. See MPEP § 608.01(b). 

2 

3 Brief Summary of the Invention : See MPEP § 608.01(d). A brief summary or 

4 general statement of the invention as set forth in 37 CFR 1 .73. The summary is 

5 separate and distinct from the abstract and is directed toward the invention rather 

6 than the disclosure as a whole. The summary may point out the advantages of the 

7 invention or how it solves problems previously existent in the prior art (and 

8 preferably indicated in the Background of the Invention). In chemical cases it 

9 should point out in general terms the utility of the invention. If possible, the 

10 nature and gist of the invention or the inventive concept should be set forth. 

1 1 Objects of the invention should be treated briefly and only to the extent that they 

12 contribute to an understanding of the invention. 
13 

14 The specification is objected to for failing to provide a Brief Summary of the Invention. 

15 Correction is required. See MPEP Section 608.01(d) 
16 

1 7 Claim Rejections - 35 USC § 112 

18 The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

1 9 The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 

20 subject matter which the applicant regards as his invention. 
21 

22 Claims 9-18 is rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for 

23 failing to particularly point out and distinctly claim the subject matter which applicant regards as 

24 the invention. 

25 Claim 9 is rejected under 35 U.S.C. 1 12, second paragraph, as being incomplete for 

26 omitting essential steps, such omission amounting to a gap between the steps. See MPEP 

27 § 2172.01 . The claim is directed to "a method of securely configuring a client", however there is 

28 no claim of a step which actually configures a client. Therefore, the claim is missing this 

29 essential step, and is rejected under 35 U.S.C. 1 12 2nd Paragraph. 
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1 

2 Claim Rejections - 35 USC §103 

3 The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

4 obviousness rejections set forth in this Office action: 

5 A patent may not be obtained though the invention is not identically disclosed or 

6 described as set forth in section 102 of this title, if the differences between the subject matter 

7 sought to be patented and the prior art are such that the subject matter as a whole would have 

8 been obvious at the time the invention was made to a person having ordinary skill in the art to 

9 which said subject matter pertains. Patentability shall not be negatived by the manner in which 
10 the invention was made. 

11 

12 Claims 1- 7, 9-14, 16-17, 19-22, 24-30, and 32 are rejected under 35 U.S.C. 103(a) as 

1 3 being unpatentable over Hind et al. (US Patent Number 6,976, 1 63) hereinafter referred to as 

14 Hind. 

15 Regarding claims 1 and 26, Hind disclosed a method of securely configuring a first 



16 machine (See Hind Fig. 10 Element 706) in a pre-operating system environment (See Hind Col. 

17 2 Paragraph 2), the method comprising: detecting a message (See Hind Col. 1 1 Lines 19-31); 

18 determining an operating mode of the machine (See Hind Col. 12 Lines 45-63); providing an 

19 attestation (See Hind Col. 18 Lines 45-52) ; receiving a configuration update (See Hind Col. 18 

20 Lines 52-56); and updating a machine configuration in a pre-operating system environment (See 

21 Hind Col. 18 Lines 52-56 and Fig. 1 1), but Hind failed to specifically disclose performing a 

22 shared secret key exchange. However, Hind did disclose decryption at the receiving device 

23 using a shared secret (See Hind Col. 3 Lines 52-59). 

24 It would have been obvious to one of ordinary skill in the art at the time of invention to 

25 have performed a shared secret key exchange between the firmware distributor and the updatable 
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1 device of Hind. This would have been obvious because the ordinary person skilled in the art 

2 would have been motivated to provide both devices with the proper key so that proper encryption 

3 and decryption could occur. 

4 Regarding claims 9, and 29, Hind disclosed a method of securely configuring a client 

5 operating in a pre-operating system environment, the method comprising: sending a message 

6 (See Hind Col. 1 1 Lines 19-31); determining an operating mode of the client machine (See Hind 

7 Col. 12 Lines 45-63); receiving an attestation (See Hind Col. 18 Lines 45-52); verifying the 

8 attestation (See Hind Col. 18 Lines 45-52); and sending a configuration update to the client 

9 machine in a pre-operating system environment (See Hind Col. 1 8 Lines 52-56), but Hind failed 

10 to specifically disclose performing a shared secret key exchange. However, Hind did disclose 

1 1 decryption at the receiving device using a shared secret (See Hind Col. 3 Lines 52-59). 

12 It would have been obvious to one of ordinary skill in the art at the time of invention to 

13 have performed a shared secret key exchange between the firmware distributor and the updatable 

14 device of Hind. This would have been obvious because the ordinary person skilled in the art 

15 would have been motivated to provide both devices with the proper key so that proper encryption 

16 and decryption could occur. 

17 Regarding claim 19, Hind disclosed an apparatus to securely configure a client 

18 machine in a pre-operating system environment, the apparatus comprising: a client machine 

19 comprising: a messaging module configured to detect messages and send messages (See Hind 

20 Col. 1 1 Lines 19-31); an operating mode (See Hind Col. 12 Lines 45-63); a trusted platform 

21 module configured to provide an attestation (See Hind Col. 18 Lines 45-52); and a configuration 

22 module configured to update the client's configuration in a pre-operating system environment 
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1 (See Hind Col. 18 Lines 52-56); and a server machine comprising: an messaging module 

2 configured to send messages and receive messages (See Hind Col. 1 1 Lines 19-31); an 

3 attestation has been verifier (See Hind Col. 18 Lines 45-52); and an update module configured to 

4 generate a client configuration update (See Hind Col. 18 Lines 52-56), but Hind failed to 

5 specifically disclose the client machine comprising a key exchange module configured to 

6 perform a shared secret key exchange, or the server machine comprising a key exchange module 

7 configured to perform a shared secret key exchange after an attestation has been verified. 

8 However, Hind did disclose decryption at the receiving device using a shared secret (See Hind 

9 Col. 3 Lines 52-59). 

10 It would have been obvious to one of ordinary skill in the art at the time of invention to 

1 1 have provided the client and server of Hind each with a shared secret key exchange module. 

12 This would have been obvious because the ordinary person skilled in the art would have been 

13 motivated to provide both devices with the proper key so that proper encryption and decryption 

14 could occur. 

15 Regarding claims 2, and 27, Hind disclosed that the message is sent from a second 

16 machine (See Hind Col. 1 1 Lines 19-3 1). 

17 Regarding claims 3, and 20, Hind disclosed that the operating mode of the first machine 

18 comprises at least one of an IT-managed machine and a consumer machine (See Hind Col. 12 

19 Lines 45-63 and Col. 18 Line 59 - Col. 19 Line 3). 

20 Regarding claims 4, 12, and 21, Hind disclosed that the attestation comprises at least one 

21 of machine identity information and a pseudo-anonymous authentication (See Hind Col. 18 

22 Lines 45-52). 
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1 Regarding claim 5, Hind disclosed that the pseudo-anonymous authentication is provided 

2 by a trusted platform module (See Hind Col. 15 Lines 27-64). 

3 Regarding claims 6, and 13, Hind disclosed that the machine identity information 

4 comprises at least one of a serial number, a network name, and a cryptographic representation of 

5 hardware registers (See Hind Col. 18 Lines 45-52). 

6 Regarding claims 7, and 14, although Hind did not specifically disclose that the pseudo- 

7 anonymous authentication comprises an Attestation Identity Key, the use of an Attestation 

8 Identity Key is well know to those having ordinary skill in the art, and as such would have been 

9 obvious to employ in the system of Hind for authenticating the client device. 

10 Regarding claim 10, Hind disclosed the message is to a client machine (See Hind Col. 1 1 

11 Lines 19-31). 

12 Regarding claim 1 1 , Hind disclosed that the operating mode of the client machine 

13 comprises at least one of an IT-managed device and a personal device (See Hind Col. 12 Lines 

14 45-63 and Col. 18 Line 59 - Col. 19 Line 3). 

15 Regarding claims 16, 22, 24, and 28, Hind disclosed that the configuration comprises at 

16 least one of a firmware setting, a BIOS setting, and a machine setting (See Hind Col. 18 Lines 

17 45-52). 

18 Regarding claims 17, 25, and 32, Hind did not specifically disclose the configuration 

19 update being encrypted. However, Hind did disclose the update being provided over a network, 

20 and it was well known at the time of invention to encrypt transmissions over a network. 

21 Therefore, it would have been obvious to the ordinary person skilled in the art at the time of 

22 invention to have encrypted the configuration update of Hind. This would have been obvious 
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1 because the ordinary person skilled in the art would have been motivated to protect the update 

2 from being intercepted by an illicit party. 

3 Regarding claim 30, Hind disclosed instructions stored thereon that, when executed, 

4 cause the first machine to send the message via a network connection (See Hind Fig. 10). 

5 Claims 8, 18, and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable over Hind 

6 as applied to claiml, 9, and 19 above, and further in view of Girard (US Patent Number 

7 7,093,124). 

8 Hind disclosed updating BIOS and Firmware in a computer, but failed to specifically 

9 disclose that updating is adapted to operate in an OS-transparent operating mode with 

10 networking support. 

1 1 Girard teaches a system for updating BIOS and system configurations remotely, and 

12 teaches that the use of an agent running in the BIOS, prior to loading the operating system, to 

13 perform authentication of a new boot image and to perform the required configuration, provides 

14 tamper resistance (See Girard Col. 1 Lines 20-47). 

15 It would have been obvious to the ordinary person skilled in the art at the time of 



16 invention to employ the teachings of Girard in the firmware updating system of Hind by 

17 performing the downloading, authentication, and configuration of Hind using an agent within the 

1 8 BIOS which is run prior to loading of the operating system. This would have been obvious 

19 because the ordinary person skilled in the art would have been motivated to provide the updating 

20 with tamper resistance. 

21 Claims 15 and 3 1 are rejected under 35 U.S.C. 103(a) as being unpatentable over Hind as 

22 applied to claims 9 and 29 above, and further in view of TCPA (Technical Overview for EFI). 
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1 



Hind rendered obvious the use of Attestation Identity Keys for authentication, but failed 



2 



to specifically disclose that the attestation is verified by a trusted third party. 



3 



TCPA teaches that AIKs are obtained through Trusted Third Parties and that the AIKs are 



4 



verified by the Trusted Third Party (See TCPA Pages 35-41). 



5 



It would have been obvious to the ordinary person skilled in the art at the time of 



6 invention to employ the teachings of TCPA in the authentication of the client of Hind by having 

7 a Trusted Third Party verify the AIK. This would have been obvious because the ordinary 

8 person skilled in the art would have been motivated to utilize the AIK system as it was intended 

9 to be used. 
10 

1 1 Conclusion 

12 Claims 1-32 have been rejected. 

13 The prior art made of record and not relied upon is considered pertinent to applicant's 

14 disclosure. 

15 Any inquiry concerning this communication or earlier communications from the 

16 examiner should be directed to MATTHEW T. HENNING whose telephone number is 

17 (571)272-3790. The examiner can normally be reached on M-F 8-4. 

18 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

19 supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 

20 organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 



2 Application Information Retrieval (PAIR) system. Status information for published applications 

3 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

4 applications is available through Private PAIR only. For more information about the PAIR 

5 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

6 system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 

7 like assistance from a USPTO Customer Service Representative or access to the automated 

8 information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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